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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely Hied 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)D Responsive to communication(s) filed on 23 September 2005 . 
2a)D This action is FINAL. 2b)E3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) (3 Claim(s) 107-147 and 165-181 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) KI Claim(s) 107-147 and 165-181 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

11) 13 The proposed drawing correction filed on 03 May 2004 is: a)E3 approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (0. 

a)D All b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

1 4) Q Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 

Attachment(s) 

1 ) £3 Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) Paper No(s). . 

2) Q Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) □ Notice of Informal Patent Application (PTO-152) 

3) □ Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) □ Other: 
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DETAILED ACTION 

Continued Examination Under 37 CFR LI 14 
1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1. 17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 . 1 7(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 9/23/2005 has been entered. 

Response to Arguments 

1.1 In response to communications filed on 9/23/2005, Applicant amends claims 107, 1 09, 
110, 125, 131, 133, 134, 145, 165, 167-172, and 179. The following claims 107-147 and 165- 
181 are presented for examination. 

1 .2 In response to communications filed on 9/23/2005, Applicant has not overcome the 112 
rejection since the claims recite similar limitations as amended and further introduces other new 
limitation that is not explicitly described in the disclosure at the time of the filing 

1.3 Applicant's arguments, pages 14-21, filed on 6/20/2005 have been fully considered but 
they are not persuasive. Applicant argues that Bhagwat does not disclose "providing a plurality 
of sockets wherein each socket has an associated connection and an associated security token". 
Examiner respectfully disagrees. The section provided by Examiner states "a TCP connection is 
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uniquely identified by the names of the two sockets at its endpoints " There are two independent 
connections and each normal TCP connection terminates at a TCP socket which is named by an 
address and port number (that meets the recitation of security token). Bhagwat also discloses 
using SOCKS protocol version 4 or 5 for exchanging authentication information (column 7, lines 
20-26) that also meets the recitation of using socket with an associated connection and an 
associated security token and comparing security token with associated security tokens. 
Applicant has amended the claims to overcome the prior art, Bhagwat. However, the claims as 
amended present new matter situation as explained below. Upon further consideration, the 
claims as amended have not overcome the rejection. Claims 107-147 and 165-181 are still 
rejected in view of the same references. 



Claim Objections 

2. Claims 109, 133, and 167 and the intervening claims are objected to because the claims 
as amended reciting "in response to said comparing if the first security token and a security token 
associated with one of the plurality of sockets match, coupling the first connection to the 
connection associated with the socket associated with the matching security token " are not 
consistent with the disclosure page 12, lines 20-25, wich merely states "the end points are 
connected by relay program" in response to the matching. Applicant is requested to present the 
claimed language in consistency with the disclosure to avoid new matter situation. Appropriate 
correction is required. 



Claim Rejections - 35 USC § 112 
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3. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner 
and process of making and using it, in such full, clear, concise, and exact terms as to 
enable any person skilled in the art to which it pertains, or with which it is most nearly 
connected, to make and use the same and shall set forth the best mode contemplated by 
the inventor of carrying out his invention. 

3.1 Claims 107, 131, 148 and 125, 145, and 165, 179 and the intervening claims are rejected 
under 35 U.S.C. 1 12, first paragraph, as failing to comply with the written description 
requirement. The claims contain subject matter, which were not described in the specification in 
such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the application was filed, had possession of the claimed invention. Applicant's disclosure 
fails to recite the amended claims as claimed. Applicant's disclosure portion that refers to socket 
can only be found on page 11, line 19 through page 12, line 25, "the socket is being employed in 
describing the relay program 210" in the exemplary process of figure 4. "It will be apparent to 
one skill in the art that the network connections referred to herein will be cast in terms of other 
programmatic constructs". At the time the invention was made, Applicant was not concerned of 
having the invention implemented in a networking concept of socket as disclosed in the claims. 
The plurality of sockets claimed by applicant in the last action, as interpreted by Examiner, 
represented the socket of the first connection and the matching socket. Given the claims now as 
amended, it appears that Applicant is referring to the list of currently open sockets (to be 
searched for match), because Applicant now claims that the socket (interpreted as the attempted 
connection) is included in the plurality of sockets in response to no match. Therefore, the 
specification does not describe, "providing a plurality of sockets, wherein each socket has an 
associated connection and an associated security token and the associated token is provided by 
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the associated connection". The disclosure does not even explicitly states, "the socket" is 
included in the plurality of sockets. In addition, the disclosure does not describe, "creating a 
socket associated with the first connection wherein the first connection has associated the first 
security token " The disclosure merely states "create a socket for use by an inbound connection" 
this socket was never mentioned afterwards, and merely states "a password is provided". The 
association that Applicant is claiming with the created socket having an associated connection 
and associated token is not explicitly disclosed. Note that at the time the invention was made by 
Applicant, the disclosure of this embodiment with respect to figure 4 was primarily concerned 
with matching the passwords and determining if the connection should be put on a listen state. 
Not even the amended dependent claims 125 and 145 reciting, in response to the comparing if 
there is no match, including the second connection with said one or more corresponding 
connections, was not described in the specification as explained above as to reasonably convey 
to one skilled in the relevant art that the inventor(s), at the time the application was filed, had 
possession of the claimed invention. 

Claim Rejections - 35 USC §102 
4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
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international application by another who has fulfilled the requirements of paragraphs (1), (2), and 
(4) of section 371(c) of this title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre- AIPA 
35 U.S.C. 102(e)). 

4.1 Claims 107-127 and 131-148 are rejected under 35 U.S.C. 102(e) as being anticipated by 
US Patent 5,941,988 to Bhagwat et ah. 

4.2 As per claims 107-108, 131-132, and 148, Bhagwat et al. discloses a method 
comprising providing one socket for each end connection wherein each socket has associated 
address, port number, sequence space and sequence number and checksum (see column 3, line 
45 through column 4, line 17 see abstract) that meets the recitation of associated security token; 
so the disclosure above meets the recitation of providing a plurality of sockets, wherein each 
socket has an associated connection and an associated security token; Bhagwat et al discloses £t a 
TCP connection is uniquely identified by the names of the two sockets at its endpoints." There 
are two independent connections and each normal TCP connection terminates at a TCP socket 
which is named by an address and port number (that meets the recitation of security token) and 
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the associated security token is provided by the associated connection (see column 3, line 45 
through column 4, line 17 and column 5, lines 5-56). In addition, Bhagwat also discloses using 
SOCKS protocol version 4 or 5 for exchanging authentication information (column 7, lines 20- 
26). It is inherent that the SOCKS protocol version 5 establishes connection by using strong 
authentication including username/password authentication. Copies of Socks Protocol Version 5 
are provided to Applicant as extrinsic evidence. Bhagwat et al also discloses a proxy receives 
connection from the client and exchanges authentication information, for example (see column 7, 
lines 10-25) also the client sends the associated security token as discussed above to establish 
connection (see column 3, line 45 through column 4, line 17 column 6, lines 35-43; column 7, 
lines 45-67) that meets the recitation of receiving a first connection and a first security token; 
Bhagwat et al also discloses creating a socket associated with the first connection (column 7, 
. lines 13-26) and an authentication test that meets the recitation of comparing the first security 
token with the associated security tokens (column 7, lines 13-26). It is inherent that the SOCKS 
protocol version 5 establishes connection by using strong authentication including 
username/password authentication to determine validity of the connection request by comparing. 
Bhagwat et al also discloses checking the authentication test (column 7, lines 12-25) and 
discloses a mapping process that includes comparing the security token of the client to associated 
security tokens also discloses matching port numbers or addresses that meets the recitation of 
comparing the first security token with the associated security tokens, for example (column 6, 
lines 35-43; and column 7, line 55 through column 8, line 24; see also column 4, lines 22-37); 
Bhagwat et al further discloses in one embodiment that if authentication fails the socket returns 
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to listen state as an open connection that meets the recitation of including the socket in the 
plurality of sockets (column 7, lines 13-56); 

As per claims 109, 111, 133, 135, Bhagwat et al. discloses the limitation of further 
comprising: in response to said comparing, if the first security token and a security token 
associated with one of the plurality of sockets match, coupling the first connection to the 
connection associated with the socket, for example (see column 5, lines 5-20). 

As per claims 110, 134, Bhagwat et al. discloses the limitation of further comprising: in 
response to said comparing, if none of the associated security tokens match the first security 
token, upon a determination that the first connection is not to be associated with a socket, 
disconnecting the first connection, for example (see column 12, lines 25-37). 

As per claims 112, 136, Bhagwat et al. discloses the limitation of wherein the coupling 
the first connection to the connection associated with the socket comprises: creating a single 
connection comprising the first connection and the connection associated with the socket, for 
example (see column 5, lines 5-20 and column 7, lines 26-56). 

As per claims 113-114, 137-138, Bhagwat et al. discloses the limitation of further 
comprising: decoupling the first connection and the connection associated with the socket, 
wherein the decoupling occurs upon one of failure and disconnect of one of the first connection 
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and the connection associated with the socket, for example (see column 12, lines 25-37 and 
column 9, line 55 et seq.). 

As per claims 115, 139, Bhagwat et al. discloses the limitation of wherein the first 
connection is transmitted through a first firewall program, for example (see column 1, lines 45- 
67 and column 5, lines 5-20). 

As per claim 116, Bhagwat et al. discloses a proxy that can create a connection that 
meets the recitation of the limitation of wherein the first connection is created by a protocol 
daemon, for example (see column 7, lines 26-45). 

As per claim 117, Bhagwat et al. discloses wherein a second connection connects the 
protocol daemon to a first program, and the protocol daemon couples the first connection to the 
second connection, for example (see column 7, lines 26-56). 

As per claim 118, Bhagwat et al discloses wherein the protocol daemon relays a data 
stream between the first connection and the second connection, for example (see column 7, lines 
26-56). 

As per claim 119, Bhagwat et ah discloses wherein the first program provides the first 
security token, for example (see column 3, line 63 through column 4, line 8). 
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As per claims 120 and 140, Bhagwat et al. discloses a method comprising: creating a 
first connection to a proxy that meets the recitation of first program (column 5, lines 5-10); 
receiving data 1 that meets the recitation of a first security token from the first program (column 
5, lines 18-20); creating a second connection to a telnet server that meets the recitation of relay 
program (column 5, line 15); providing the first security token to the relay program, for example 
(see column 5, lines 18-20); and upon successful creation of the second connection, coupling the 
first connection to the second connection, for example(column 5, lines 18-30). See also (see 
column 3, line 63 through column 4, line 8; and column 7, lines 26-45). 

As per claims 121 and 141, Bhagwat et al. discloses the limitation of wherein the 
second connection is transmitted through a firewall program, for example (see column 3, line 63 
through column 4, line 8; column 5, lines 5-40; and column 7, lines 26-45). 

As per claims 122 and 142, Bhagwat et al. discloses the limitation of further 
comprising: relaying a data stream between the first connection and the second connection, for 
example (see column 3, line 63 through column 4, line 8; column 5, lines 5-40 and column 7, 
lines 26-45). 

As per claims 123 and 143, Bhagwat et al. discloses the limitation of wherein the first 
security token is one of a password, a network address, and a verification string, for example (see 
column 3, line 63 through column 4, line 8; column 5, lines 5-40; and column 7, lines 26-45). 
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As per claims 124 and 144, Bhagwat et al. discloses the limitation of further 
comprising: terminating the first connection and the second connection, for example (see column 
12, lines 25-37 and column 9, lines 55 et seq.). 

As per claims 125 and 145, Bhagwat et ah discloses the limitation of wherein the relay 
program compares the first security token with one or more security tokens associated with one 
or more corresponding connections, for example (column 7, lines 10-55 and column 8, lines 40 
et seq. and column 4, lines 22-37 and column 12, line 33-55); in response to said comparing, if 
the first security token and a security token associated with a corresponding connection match, 
coupling the second connection to the connection associated with the matching security token, 
for example (see column 5, lines 5-20); and in response to said comparing, if none of the 
associated security tokens match the first security token, including the second connection with 
said one or more corresponding connections, for example (column 7, lines 10-55 and column 8, 
lines 40 et seq. and column 4, lines 22-37). 

As per claims 126 and 146, Bhagwat et al. discloses the limitation of wherein the 
connection associated with the matching security token is initiated by a second program, for 
example (see column 5, lines 5-20). 

As per claims 127 and 147, Bhagwat et ah discloses the limitation of wherein the relay 
program relays data between the second connection and the connection associated with the 
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matching security token, for example (see column 3, line 63 through column 4, line 8; column 5, 
lines 5-40 and column 7, lines 26-45). 

Claims 165-173 are similar to the rejected claims 107-1 15 respectively except for 
incorporating the claimed methods into a computer program. Therefore, 107-1 15 are rejected on 
the same rationale as the rejection of claims 165-173. 

Claims 174-181 contains the same claim limitations as the rejected claims 120-127 
respectively except for incorporating the claimed methods into a computer program. Therefore, 
174-181 are rejected on the same rationale as the rejection of claims 120-127. 

Claim Rejections - 35 JJSC § 103 
5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 
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5. 1 Claims 128-130 are rejected under 35 US.C. 103(a) as being unpatentable over US 
Patent 5,941,988 to Bhagwat et al. in view of US Patent 6,104,716 to Crichton et aL 

5.2 Claim 128 contains the same limitations as claim 120 except for using a protocol daemon 
to create both connections. Bhagwat et al discloses a proxy that meets the recitation of protocol 
daemon and discloses all the limitations of claim 120 except for initiating the first connection to 
the client. Crichton et al. in an analogous art teaches the limitation of claim 120 by using a 
client proxy for communicating with a client and with a middle proxy and coupling the 
connections to provide end-to-end connections through firewalls (column 2, lines 26-52). 
Crichton et al also discloses the client and the proxy can reside on the same machine (column 6, 
lines 15-24), Crichton et al also discloses that the functionality of end proxies that meets the 
recitation of protocol daemon can be increased to allow for other protocols and services, for 
example one end proxy could provide both client and server end proxy functionality (column 5, 
lines 41-45). Crichton discloses one end proxy could provide both client and server end proxy 
functionality (column 5, lines 41-45). This means if the first program represents an application 
server an in-bound connection is created "a server end-proxy can connect to an inside X- 
Windows system server and a middle proxy" (column 5, lines 32-35). Applicant discloses the 
same (on page 9, lines 9-15) program 135 (first program) requires an in-bound connection (e.g. 
where program 135 is an application server) ... such functionality is provided by a daemon 
running on computer 105. Therefore, it would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the proxy or protocol daemon disclosed in 
Bhagwat et al. to provide a protocol daemon program that does the creating of the first 
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connection as well as the second connection thus increasing the functionality of end proxy to 
allow for other protocols and services as suggested by Crichton et al. One skilled in the art 
would have been lead to make such a modification and recognizes the advantage of using an end 
proxy that could provide both client and server end proxy functionality as this increase of 
functionality would allow for more protocols and services as suggested by Crichton et al (see 
column 5, lines 41-45). 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to applicants 
disclosure. US Patents 6,308,238 Smith et al. 5,944,823 Jade et al. 

These patents pertain to comparing security token with associated security tokens to 

determine whether or not connection should be established. Many of the claimed features are 

disclosed in these references. 

6. 1 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
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applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Carl Colin 
Patent Examiner 
December 2, 2005 
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